66-ns a new tool which it will be available soon. This tool allow us to setup a namespace to protect a part of the system for a service. Its really flexible like any other 66 tools. Also, i can be used on a terminal to run a program on a protected system.
"And cherry on top of the cake", it handle correctly daemon which fork itself : https://youtu.be/41HM-KY-dYU.

How to setup a namespace with a private /dev directory and other examples: https://youtu.be/CDYkO8kByo0
10 days later
66-fj (66 firejail) is here :)

Q: If you can block the /proc or manufacture a fake one for the ns, does this mean you can fool X to run a second time? I've never been able to fool X to run twice and other than proc, I don't know, it may be placing a lock file somewhere preventing to run 2nd time. But I've never had a system crash where an X lock file was left behind that needed to be removed before it restarts.

Why would anyone need X to run twice? No reason I can think of, just because it says that it will not is a challenge. Maybe there is if you want to configure a 2nd monitor inside the ns?
5 days later
completely forgot to answer you, sorry.
66-ns will not avoid you to start a program twice. This is not the goal of this program. It allow you to change the view of the system for a process, so limits access of a program to a specific directory,file,net and so on.
If you want to avoid to start twice a program you need to parse the proc directory and check a every start of a program if it already running. I don't know if this kind of program already exist or not.
The lock file can be a good idea but again i don't know if X provide this options.
I didn't want to prevent starting it twice but the reverse, to be able to start twice something that is engineered to only run once on each system
2 months later

Powered by Obarun